How can you ensure that BYOD user devices are secure?
In all seriousness, you can’t. I sometimes wonder if the BYOD movement, apart from its sloganeering about “empowering users” is really saying “hey, lets devolve the cost of device management onto employees and hope for the best”.
Back in the 90’s I worked at a University where we had something similar to a BYOD policy. That was, we didn’t have any real central management tools back then, and some staff, usually the ones that had just been awarded a research grant, would get their own laptop computers. The University had a site license for a popular anti-malware application that anyone connected to the University network could download and install. The application was configured so that definitions and updates would automatically be retrieved from a special location whenever computers would connect to the University network.
Even in the days when people regarded computer viruses with the same existential dread that the regarded sharks, it is fair to say that only a minority of people were diligent about anti-malware sanitation.
Today, organizations that have BYOD policies tend to also put forward “recommendations” as to how users protect their computers. The perennial problem with BYOD is that the computers are “theirs” and not “ours”. Depending on the BYOD policy, the responsibility for protecting the computer is left to the device’s owner. Important to note is that in most cases, no one in the IT department is actually responsible for checking that the user is actually keeping their device secure. It’s difficult to pin the blame on the IT guy if the guy in Sales computer is borked by malware if the guy in Sales was responsible for keeping it secure.
BYOD is pushed by users because they feel it empowers them. But with that empowerment comes responsibility. Whether or not a majority of users are embracing that responsibility is something that is difficult, if not impossible, to determine.
